Based on the previous labs, you should be able to answer the questions in this lab. This lab is ‘instructor-assisted’ so you’ll be given all the answers by the instructor and also shown how to get them.
Read the code below.
.text:00402024 sub_402024 proc near ; CODE XREF: sub_40159E+29↑p
.text:00402024 ; sub_401678+2F↑p
.text:00402024 push esi
.text:00402025 mov esi, eax
.text:00402027 jmp short loc_40202D
.text:0040202D movsx eax, byte ptr [edx]
.text:00402030 movsx ecx, byte ptr [esi]
.text:00402033 inc edx
.text:00402034 inc esi
.text:00402035 cmp ecx, eax
.text:00402037 jz short loc_402029
.text:00402039 sbb eax, eax
.text:0040203B and eax, 2
.text:0040203E dec eax
.text:0040203F pop esi
.text:00402040 retn
Read the code below.
.text:00402065 mov eax, edi
.text:00402067 pop edi
.text:00402068 pop esi
.text:00402069 pop ebp
.text:0040206A retn 4
.text:0040206A sub_402045 endp
Read the code below.
.text:0040355C Data = byte ptr -31Ch
.text:0040355C Buffer = byte ptr -218h
.text:0040355C ValueName = byte ptr -114h
.text:0040355C dwDisposition = dword ptr -10h
.text:0040355C Type = dword ptr -0Ch
.text:0040355C cbData = dword ptr -8
.text:0040355C phkResult = dword ptr -4
.text:0040355C arg_0 = dword ptr 8
.text:0040355C
.text:0040355C push ebp
.text:0040355D mov ebp, esp
.text:0040355F sub esp, 31Ch
.text:00403565 push ebx
.text:00403566 push esi
.text:00403567 lea eax, [ebp+ValueName]
.text:0040356D push eax
.text:0040356E mov [ebp+Type], 1
.text:00403575 xor bl, bl
.text:00403577 call sub_403B1D
.text:0040357C push eax
.text:0040357D call sub_40344D
.text:00403582 lea eax, [ebp+dwDisposition]
.text:00403585 push eax ; lpdwDisposition
.text:00403586 lea eax, [ebp+phkResult]
.text:00403589 push eax ; phkResult
.text:0040358A xor esi, esi
.text:0040358C push esi ; lpSecurityAttributes
.text:0040358D push 2001Fh ; samDesired
.text:00403592 push esi ; dwOptions
.text:00403593 push esi ; lpClass
.text:00403594 push esi ; Reserved
.text:00403595 push offset aSoftwareMicros_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVe"...
.text:0040359A push 80000001h ; hKey
.text:0040359F call ds:RegCreateKeyExA
.text:004035A5 test eax, eax
.text:004035A7 jnz loc_403644
Read the code below.
.text:00402B87 mov [ebp+UrlComponents.lpszUrlPath], esp
.text:00402B8A lea eax, [ebp+UrlComponents]
.text:00402B8D push eax ; lpUrlComponents
.text:00402B8E push 80000000h ; dwFlags
.text:00402B93 push esi ; dwUrlLength
.text:00402B94 push dword ptr [edi] ; lpszUrl
.text:00402B96 call ds:InternetCrackUrlA
.text:00402B9C test eax, eax
.text:00402B9E jz loc_402CF1
All tasks in this part are instructor-led. There will be a demo at the start of each task.
Load the file asm_sam1 in IDA Pro and answer these questions:
Load the file asm_sam2 in IDA Pro and answer these questions:
Load the file asm_sam3 in IDA Pro and answer these questions:
Load the file asm_sam4 in IDA Pro and answer these questions:
You have now completed this lab. Add all notes to the Workshop Notes doc.